Kubernetes Security: a guided walkthrough of all the tools you need

About the workshop

Everyone knows that any good Kubernetes cluster has to be secure. From cluster and infrastructure hardening to setting up policies and conducting scans, there is a host of powerful tools at your disposal to ensure end-to-end security for all your Kubernetes environments.

After a very successful webinar covering CKS and the knowledge and tools required to pass the certification, we thought we’d build a live, instructor-led workshop so you can try out the hottest security tools out there step-by-step during a guided interactive session.

The live workshop is an opportunity to hone in those security skills, following instructions. By the end of the workshop, you will have familiarized yourself with the most important security tools available in the discipline of Kubernetes. The only requirements are to bring your enthusiasm and have kubectl and ssh installed. Perhaps you might even get a goodie bag at the end - who knows ;)

What you will learn

• AppArmor: Install an Apparmor profile and customize depending on the requirement.
• Trivy: Scan container images and directories for vulnerabilities.
• Kube-Bench: Scan master and worker nodes for configuration security. Examine results and fix warnings.
• OPA: Create, modify and test different CRD-based policies.
• Seccomp: Set up audit policies to monitor system calls and check audit logs. Set up policies that limit privileges and launch pods that violate policies resulting in CrashLoopBackoff status.
• gVisor: Set up secure runtime with stronger isolation. Launch pods to test isolation.
• Falco: Set up rules to detect security threats.
• Kube-hunter: Discover vulnerabilities in running clusters.